diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php index 2eb5e2feefb7667bf5fe44b7123b063000967d34..85050b4b4fd7301966d0ce3b85297caad1f8c9a4 100644 --- a/modules/saml/lib/IdP/SAML2.php +++ b/modules/saml/lib/IdP/SAML2.php @@ -563,7 +563,11 @@ class sspmod_saml_IdP_SAML2 { } $a->setNotOnOrAfter(time() + $assertionLifetime); - $a->setAuthnContext(SAML2_Const::AC_PASSWORD); + if (isset($state['saml:AuthnContextClassRef'])) { + $a->setAuthnContext($state['saml:AuthnContextClassRef']); + } else { + $a->setAuthnContext(SAML2_Const::AC_PASSWORD); + } if (isset($state['AuthnInstant'])) { $a->setAuthnInstant($state['AuthnInstant']);